BKK16-200: Designing security into low cost IoT systems
TRANSCRIPT
Designing security into low cost IoT systems
Jim Wallace
Linaro Connect, Bangkok 2016
Director, SSG Marketing
8th March 2016
© ARM 2015 2
From Sensors to Servers: Connectivity, Efficiency, Management, Productivity, Security
IoT is going everywhere
Diagram: a smart meter deployment traced from Silicon/OEM through Manufacturing, Sensors/Devices and Base Stations to the Data Servers and Key Server, annotated with the attack points seen along the chain:
Weak crypto and weak protocols, default passwords, no passwords, hacked devices
Weak crypto, hacked device keys, side-channel attacks, memory bus probing, no device renewability, software attacks
After-hours cloning, stolen keys
Weak protocols, weakness in protocol, no renewability
Risks are hard to predict
IoT - From Cortex-M to Cortex-A class devices
Diagram: a spectrum of device classes from ultra-low cost to generic/gateway, each with its device SW capabilities and device HW resources.
Ultra-low cost examples: BBC micro:bit, BT Smart beacon
Low cost examples: Rich BT Smart, Thread node, BT Smart
Generic examples: WiFi node, Gateway
Device SW capabilities (Cortex-M class): IP + TLS, mbed OS uVisor, management security, firmware OTA
Device HW resources (Cortex-M class): ARMv6-M, ARMv8-M Baseline, ARMv8-M Mainline, ARMv7-M with MPU, TRNG + Crypto
Device SW capabilities (Cortex-A class): IP + TLS, OP-TEE, management security, firmware over-the-air, rich UI/multimedia
Device HW resources (Cortex-A class): TRNG + Crypto + GPU + VPU
Operating systems: mbed OS / RTOS at the Cortex-M end, Linux / Rich OS at the Cortex-A end
Intelligent, Connected, Secure
Evolution of IoT driving need for generic devices
Local intelligence enables:
Camera/microphone/other sensors
Raw data does not need to be sent to the cloud, only processed metadata is sent
Reduced data bandwidth, transfer overhead and processing latency to/from cloud
Increased security
Example functions: face detection, arm/disarm, motion sensor, voice recognition, breaking glass, communication
Security in IoT end points
Device security:
Device management: support for bootstrapping / provisioning / behaviour monitoring…; keep firmware up-to-date
Device integrity: protect from untrusted S/W; allow recovery from attack
Asset protection: prevent access to certain resources
Data security: keep data confidential; prevent data alteration
Physical security: anti-tampering
Communications security:
Link encryption: prevent eavesdroppers listening
Authentication: identity of endpoint / server
Management security
Security must be built into all stages of the system
Management security: mbed Device Connector
mbed Device Connector eases development, management and scaling of IoT
Available at https://connector.mbed.com
Management security implemented via standards such as OMA LWM2M
Steps: build IoT device, connect your devices, build application with example code, utilize cloud solutions
mbed OS 15.11: mbed OS is a modular, secure, efficient, open source OS for IoT
Connects to mbed Device Connector
Diagram: mbed OS architecture layers
Application code and libraries
mbed OS API: communication (IP stack, BLE API, Thread API), management (device management, mbed Client, mbed TLS), event, tasks, energy
mbed OS core: schedulers, device drivers, CMSIS-Core, debug support, Thread / BLE / 6LoWPAN, SW crypto
uVisor: management security, secure drivers, secure isolation backed by the MPU
Hardware interfaces: ARM Cortex-M CPU, crypto, sensor, radio
Security domains shown: communication security, management security, device security
mbed Client
Connects to mbed Device Connector
Included as part of mbed OS, also portable to other platforms including Linux and third party RTOS
Implements protocols and support for securely publishing resources (e.g. sensor data), and managing the device from the cloud
Diagram: the mbed Client stack, from application and service integration down through the mbed Client C++ API, the protocol implementations (LWM2M, CoAP, HTTP), the channel security implementations (TLS, DTLS) and the client library port to mbed OS or RTOS / Linux + networking, with Device Connector support at the top
Communication security: mbed TLS
Fully-fledged SSL / TLS / DTLS library
Developer friendly: clean API and documentation
Open source under Apache 2.0 license at https://tls.mbed.org/
Suitable for use on Cortex-M and Cortex-A processor based targets
Modules: transport security (TLS/DTLS, etc), symmetric encryption (AES, etc), public key algorithms (ECDHE, ECDSA, etc), hash algorithms (SHA, etc), random number generation (entropy pool, CTR_DRBG, etc), X.509 certificate handling
✔ https://tls.mbed.org/security
Device security services in low cost devices
Existing IoT solutions use flat address spaces with little privilege separation, especially on microcontrollers
Mitigating strategy: split security domains into exposed code and protected critical code
Critical (secure world): the security foundation - cryptography, key management, secure identity, …
Exposed (normal world): the remainder of mbed OS - scheduler, HAL + drivers, connectivity stack(s), …
Diagram: mbed OS uVisor enforcing the split with the MPU above the hardware interfaces (ARM Cortex-M CPU, crypto, sensor, radio)
TrustZone for low cost ARMv8-M IoT platforms
The ARMv8-M architecture introduces secure and non-secure code execution
Code running in non-secure memory can only access non-secure devices and memory
Code running in secure memory can access the whole address space
So low cost devices can
Have trusted code & apps in secure memory
Have non-trusted applications installed in non-secure memory, safe in the knowledge that they cannot be used to attack the system
CryptoCell augments TrustZone, providing a range of security subsystems for acceleration and offloading
Diagram: a TrustZone microcontroller (AMBA 5 AHB5) with a secure world (secure RTOS, secure app/libs) and a normal world (non-secure RTOS, non-secure app), plus CryptoCell-310 with its asymmetric crypto, symmetric crypto, roots of trust, always-on block, security resources and data/control interfaces
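The slide's central fact is that secure code can reach the whole address space while non-secure code cannot. The consequence for anyone writing the secure side is that every secure function the normal world may call has to validate any address it is handed before reading or writing through it; otherwise an untrusted application could make the secure service read or write secure memory on its behalf. The C program below is an added example written for this page, not ARM, mbed OS or uVisor code. It simulates the split with a constructed memory map and a constructed device-ID service; the names range_within, range_is_nonsecure, sg_read_device_id and ns_sram_peek, the addresses and the return codes are all assumptions. It also illustrates the previous slide's split between exposed code and protected critical code.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed memory map for this simulation. It is an assumption for
 * illustration, not the SAU/IDAU layout of any real ARMv8-M part. */
typedef struct {
    uint32_t base;
    uint32_t size;
    bool secure;
} region_t;

static const region_t MEMORY_MAP[] = {
    { 0x00000000u, 0x00100000u, true  },  /* secure flash: trusted code and keys */
    { 0x00100000u, 0x00100000u, false },  /* non-secure flash: untrusted apps    */
    { 0x20000000u, 0x00008000u, true  },  /* secure SRAM                          */
    { 0x20008000u, 0x00008000u, false },  /* non-secure SRAM                      */
};
#define NS_SRAM_BASE 0x20008000u
#define NS_SRAM_SIZE 0x00008000u

/* Backing store for the non-secure SRAM so the service can really write to it. */
static uint8_t ns_sram[NS_SRAM_SIZE];

/* A secret held in the secure world (constructed value). */
static const uint8_t DEVICE_ID[16] = {
    0xA5, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
};

/* True if [addr, addr+len) lies entirely inside [base, base+size).
 * Written with subtraction so that neither addr+len nor base+size can wrap. */
static bool range_within(uint32_t addr, uint32_t len,
                         uint32_t base, uint32_t size)
{
    if (len == 0 || addr < base) return false;
    uint32_t off = addr - base;
    if (off >= size) return false;
    return len <= size - off;
}

/* True only if the whole range is covered by one non-secure region. This plays
 * the role that cmse_check_address_range() plays in real CMSE code (assumption:
 * simulation only). A range that straddles a secure/non-secure boundary, is
 * empty, or wraps around the top of the address space is rejected. */
bool range_is_nonsecure(uint32_t addr, uint32_t len)
{
    for (size_t i = 0; i < sizeof MEMORY_MAP / sizeof MEMORY_MAP[0]; i++) {
        const region_t *r = &MEMORY_MAP[i];
        if (!r->secure && range_within(addr, len, r->base, r->size))
            return true;
    }
    return false;
}

/* Secure-world service callable from the normal world. Address and length
 * arrive by value, so the check and the use operate on the same numbers and
 * the caller cannot change them after validation. Return codes are constructed:
 *  0 success, -1 range not entirely non-secure, -2 buffer too small,
 * -3 target is non-secure but not in the SRAM this simulation backs. */
int sg_read_device_id(uint32_t out_addr, uint32_t out_len)
{
    if (out_len < sizeof DEVICE_ID) return -2;
    if (!range_is_nonsecure(out_addr, sizeof DEVICE_ID)) return -1;
    if (!range_within(out_addr, sizeof DEVICE_ID, NS_SRAM_BASE, NS_SRAM_SIZE))
        return -3;
    memcpy(&ns_sram[out_addr - NS_SRAM_BASE], DEVICE_ID, sizeof DEVICE_ID);
    return 0;
}

/* Test hook: read one byte of the simulated non-secure SRAM. */
uint8_t ns_sram_peek(uint32_t addr)
{
    return ns_sram[(addr - NS_SRAM_BASE) % NS_SRAM_SIZE];
}

int main(void)
{
    printf("non-secure buffer -> %d\n", sg_read_device_id(0x20008100u, 16)); /* 0 */
    printf("secure buffer     -> %d\n", sg_read_device_id(0x20000000u, 16)); /* -1 */
    printf("straddles border  -> %d\n", sg_read_device_id(0x20007FF8u, 16)); /* -1 */
    printf("wraps address map -> %d\n", sg_read_device_id(0xFFFFFFF8u, 16)); /* -1 */
    return 0;
}
```

On a real ARMv8-M part the entry function would carry the compiler's non-secure-callable attribute and the check would use the CMSE intrinsics against the SAU/IDAU configuration; the subtraction-based range test is there because `addr + len` can wrap when the length comes from untrusted code, and a straddling buffer must be refused even though its first byte is non-secure.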
TrustZone technology for every IoT platform
Diagram: two platforms side by side. An apps processor (AMBA AXI) running a rich OS, e.g. Linux, with a secure OS behind a secure monitor (secure world: secure app; normal world: non-secure app) and CryptoCell-710. A TrustZone microcontroller (AMBA 5 AHB5) with a secure RTOS and secure app/libs alongside a non-secure RTOS and non-secure app, and CryptoCell-310. Both CryptoCell blocks contain asymmetric crypto, symmetric crypto, roots of trust, an always-on block, security resources and data/control interfaces
Trusted Firmware, OP-TEE reduce fragmentation
Secure World foundations for ARMv8-A:
Trusted Board Boot
Secure World runtime: world switch, interrupt routing, PSCI, SMC handling
Open source projects on GitHub
https://github.com/ARM-software/arm-trusted-firmware
https://github.com/OP-TEE
v1.2 (December)
+ Trusted Boot baseline features
+ PSCI v1.0 key optional features
+ OS vendor alignment
GICv3 drivers
Diagram: the software stack by exception level and supplier. ARM Trusted Firmware at EL3, with the SoC/platform port and the OP-TEE Dispatcher; the Normal World OS at EL1/EL2, with the OP-TEE Linux driver and OP-TEE client, and apps at EL0; OP-TEE OS at Secure-EL1 and Trusted Apps at Secure-EL0. The OP-TEE protocol and mechanism runs from the client via ioctl to the driver and via SMC to the Dispatcher. Interfaces: the porting interface between Trusted Firmware and SoC/platform, the interface between Trusted Firmware and the Trusted OS Dispatcher, and the internal TOS interface. Suppliers: ARM Trusted Firmware, Trusted OS supplier, SoC supplier, OS/hypervisor supplier, Trusted App supplier
ARM TrustZone CryptoCell
TrustZone, TEE and CryptoCell provide platform level security with a hardware Root of Trust / Trust Anchor for the system
Crypto acceleration
TRNG
Configurable to target application: right size
Enhances usability, e.g. time for DTLS handshake & door lock to open
Simplifies security implementations
Diagram: CryptoCell block with asymmetric crypto, symmetric crypto, roots of trust, an always-on block, security resources and data/control interfaces
LITE using this to enable a security foundation
Diagram: end-to-end security across the same chain as the earlier threat diagram (Silicon/OEM, Manufacturing, Secure Meter, Secure Base Stations, Data Servers, Secure Key Server), annotated with the countermeasures at each stage:
Efficient crypto, robust protocols, device health checks, TLS
Secure manufacturing line, strong crypto, renewability, key rotation, secure key provisioning
Hardware Root of Trust, secure boot, Trusted Execution Environment, Trusted Firmware
Secure clocks/counters, anti-rollback
Secure key storage, robust crypto
Strong ID/trusted UI, memory isolation, FOTA, HW-RoT, TEE
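Secure boot, secure counters and anti-rollback appear together on the slide because they work as one mechanism: the boot loader first verifies the image, then refuses any verified image whose security version is below a counter that the hardware only ever lets increase, and FOTA raises that counter only once the new image has proven it can run. The C program below is an added example written for this page; it is not ARM, mbed OS or Trusted Firmware code. The counter is simulated by a static that can only be raised, the FNV-1a tag is a clearly labelled stand-in for the signature check a real secure boot performs with the public key anchored in the root of trust, and the image layout, names (secure_boot_check, confirm_running_image, counter_raise, make_image) and values are all constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMAGE_MAGIC 0x46574D47u  /* "FWMG", constructed */

/* Firmware image as the boot loader sees it (constructed layout). */
typedef struct {
    uint32_t magic;
    uint32_t security_version;  /* increases with every security-relevant release */
    uint32_t payload_len;
    const uint8_t *payload;
    uint32_t integrity_tag;     /* stand-in for a signature over the fields above */
} fw_image_t;

/* Simulated hardware monotonic counter. On a real part this lives in OTP or a
 * secure-world-only register; here it is a static that can only be raised. */
static uint32_t g_min_version = 3;  /* constructed starting value */

uint32_t counter_read(void) { return g_min_version; }

/* Raise the floor. Requests to lower it are ignored, as the hardware enforces. */
uint32_t counter_raise(uint32_t v)
{
    if (v > g_min_version) g_min_version = v;
    return g_min_version;
}

/* Stand-in integrity check: FNV-1a over the header fields and payload. A real
 * secure boot verifies a signature against the public key in the root of trust;
 * a plain hash proves nothing against an attacker who can rewrite the image. */
uint32_t compute_tag(const fw_image_t *img)
{
    uint32_t h = 2166136261u;
    uint8_t hdr[12];
    memcpy(hdr, &img->magic, 4);
    memcpy(hdr + 4, &img->security_version, 4);
    memcpy(hdr + 8, &img->payload_len, 4);
    for (size_t i = 0; i < sizeof hdr; i++) { h ^= hdr[i]; h *= 16777619u; }
    for (size_t i = 0; i < img->payload_len; i++) { h ^= img->payload[i]; h *= 16777619u; }
    return h;
}

typedef enum { BOOT_OK = 0, BOOT_BAD_IMAGE = 1, BOOT_ROLLBACK = 2 } boot_result_t;

/* Boot-time decision. Authenticity is checked before the version is even read,
 * so an unverified image cannot influence the anti-rollback comparison. */
boot_result_t secure_boot_check(const fw_image_t *img)
{
    if (img->magic != IMAGE_MAGIC || img->integrity_tag != compute_tag(img))
        return BOOT_BAD_IMAGE;
    if (img->security_version < counter_read())
        return BOOT_ROLLBACK;  /* older than the floor: a downgrade, refuse */
    return BOOT_OK;
}

/* Called by the application after it has booted and passed its own health
 * check. Raising the counter only now keeps a fallback to the previous image
 * possible if the freshly installed one fails to come up. */
uint32_t confirm_running_image(const fw_image_t *img)
{
    return counter_raise(img->security_version);
}

/* Build a well-formed image over a constructed payload. */
fw_image_t make_image(uint32_t version, const uint8_t *payload, uint32_t len)
{
    fw_image_t img = { IMAGE_MAGIC, version, len, payload, 0 };
    img.integrity_tag = compute_tag(&img);
    return img;
}

int main(void)
{
    static const uint8_t payload[] = { 1, 2, 3, 4 };  /* constructed */
    fw_image_t v2 = make_image(2, payload, sizeof payload);
    fw_image_t v5 = make_image(5, payload, sizeof payload);
    printf("boot v2 with floor %u -> %d\n", counter_read(), secure_boot_check(&v2)); /* 2 */
    printf("boot v5 with floor %u -> %d\n", counter_read(), secure_boot_check(&v5)); /* 0 */
    printf("confirm v5, floor now %u\n", confirm_running_image(&v5));               /* 5 */
    return 0;
}
```

The order of the two checks matters: if the version were compared before the image was verified, a forged header carrying a high version number could be used to push the counter up and lock the device out of its own valid images.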
Imagine a world where…
From the wide choice of ARM-based devices, you chose the perfect one for you
Price, performance, power, form, security etc.
And what software you ran on it was up to you…
Android / Brillo, BSD, CentOS, ChromeOS, RHEL, SUSE, Tizen, Snappy Ubuntu, Windows, Yocto/OE, etc …or something we haven’t even thought of yet
But once you made that choice, it should all just work!
ARM & Linaro are committed to making this happen
Linaro and ARM providing the foundation for IoT
ARM working with Linaro to provide an end-to-end open source IoT framework for specific IoT implementations
ARM part of LITE WG
“Place to collaborate on ARM architecture for IoT”, enabling software solutions from Cortex-M to Cortex-A based platforms
The trademarks featured in this presentation are registered and/or unregistered trademarks of ARM Limited (or its
subsidiaries) in the EU and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their
respective owners.
Copyright © 2016 ARM Limited